Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information. (CVE-2012-0056, Important)

Red Hat would like to thank Jüri Aedla for reporting this issue.

This update fixes the following bugs:

* The RHSA-2011:1849 kernel update introduced a bug in the Linux kernel scheduler, causing a "WARNING: at kernel/sched.c:5915 thread_return" message and a call trace to be logged. This message was harmless, and was not due to any system malfunctions or adverse behavior. With this update, the WARN_ON_ONCE() call in the scheduler that caused this harmless message has been removed. (BZ#768288)

* The RHSA-2011:1530 kernel update introduced a regression in the way the Linux kernel maps ELF headers for kernel modules into kernel memory. If a third-party kernel module is compiled on a Red Hat Enterprise Linux system with a kernel prior to RHSA-2011:1530, then loading that module on a system with the RHSA-2011:1530 kernel would result in corruption of one byte in the memory reserved for the module. In some cases, this could prevent the module from functioning correctly. (BZ#769595)

* On some SMP systems the TSC may erroneously be marked as unstable during early system boot or while the system is under heavy load. A "Clocksource tsc unstable" message was logged when this occurred. As a result the system would switch to the slower access, but higher precision, HPET clock.

The "tsc=reliable" kernel parameter is supposed to avoid this problem by indicating that the system has a known good clock; however, the parameter only affected run time checks. A fix has been put in to avoid the boot time checks so that the TSC remains as the clock for the duration of system runtime. (BZ#755867)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

Updated qemu-kvm packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.

This update also fixes the following bug:

* qemu-kvm has a "scsi" option, to be used, for example, with the "-device" option: "-device virtio-blk-pci,drive=[drive name],scsi=off". Previously, however, it only masked the feature bit, and did not reject SCSI commands if a malicious guest ignored the feature bit and issued a request. This update corrects this issue. The "scsi=off" option can be used to mitigate the virtualization aspect of CVE-2011-4127 before the RHSA-2011:1849 kernel update is installed on the host.

This mitigation is only required if you do not have the RHSA-2011:1849 kernel update installed on the host and you are using raw format virtio disks backed by a partition or LVM volume.

If you run guests by invoking /usr/libexec/qemu-kvm directly, use the "-global virtio-blk-pci.scsi=off" option to apply the mitigation. If you are using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013 libvirt update installed, no manual action is required: guests will automatically use "scsi=off". (BZ#767721)

Note: After installing the RHSA-2011:1849 kernel update, SCSI requests issued by guests via the SG_IO IOCTL will not be passed to the underlying block device when using raw format virtio disks backed by a partition or LVM volume, even if "scsi=on" is used.
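The following shell script is an added example and is not part of the advisory or of qemu-kvm itself. It audits qemu-kvm command lines for the "scsi=off" mitigation described above: a guest is reported when one of its "-device virtio-blk-pci" entries still allows SCSI requests, either because the device says "scsi=on" explicitly or because it says nothing and no "-global virtio-blk-pci.scsi=off" is present. The command lines it inspects are constructed for the example; the function name guests_missing_scsi_off is the example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: audit qemu-kvm command lines for the
# CVE-2011-4127 mitigation. Only the "-device virtio-blk-pci,..." syntax is
# inspected; a per-device scsi=on overrides -global, an unset property inherits it.

# Constructed sample command lines, one guest per line (not captured from a host).
SAMPLE_CMDLINES='/usr/libexec/qemu-kvm -name guest1 -device virtio-blk-pci,drive=drive-a,scsi=off
/usr/libexec/qemu-kvm -name guest2 -device virtio-blk-pci,drive=drive-b
/usr/libexec/qemu-kvm -name guest3 -global virtio-blk-pci.scsi=off -device virtio-blk-pci,drive=drive-c
/usr/libexec/qemu-kvm -name guest4 -global virtio-blk-pci.scsi=off -device virtio-blk-pci,drive=drive-d,scsi=on'

# Print the -name of every guest whose virtio-blk-pci devices are not covered by scsi=off.
guests_missing_scsi_off() {
    printf '%s\n' "$1" | awk '
    /qemu-kvm/ {
        name = "(unnamed)"; global_off = 0; explicit_on = 0; unset = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-name") name = $(i + 1)
            if ($i == "-global" && $(i + 1) == "virtio-blk-pci.scsi=off") global_off = 1
            if ($i == "-device" && $(i + 1) ~ /^virtio-blk-pci(,|$)/) {
                if ($(i + 1) ~ /(^|,)scsi=on(,|$)/) explicit_on = 1
                else if ($(i + 1) !~ /(^|,)scsi=off(,|$)/) unset = 1
            }
        }
        if (explicit_on || (unset && !global_off)) print name
    }'
}

# Stand-alone run on the constructed sample: prints guest2 and guest4.
guests_missing_scsi_off "$SAMPLE_CMDLINES"
```

On a live host, feed the real process list instead of the sample, for example `guests_missing_scsi_off "$(ps -o args= -C qemu-kvm)"`. Whether a reported guest actually needs the mitigation still depends on the conditions given above (no RHSA-2011:1849 kernel on the host, raw format virtio disks backed by a partition or LVM volume).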

As well, this update adds the following enhancement:

* Prior to this update, qemu-kvm was not built with RELRO or PIE support. qemu-kvm is now built with full RELRO and PIE support as a security enhancement. (BZ#767906)

All users of qemu-kvm should upgrade to these updated packages, which correct these issues and add this enhancement. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
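To confirm that an installed binary carries the RELRO and PIE protections mentioned above, the following added shell example (not from the advisory or the qemu-kvm package) classifies readelf output. It assumes the usual checksec rules: a GNU_RELRO program header gives partial RELRO, GNU_RELRO together with BIND_NOW (DT_FLAGS or DT_FLAGS_1 NOW) gives full RELRO, and an ELF type of DYN marks a PIE. The readelf excerpts below are constructed, not dumps of the real qemu-kvm binary, and the function names elf_hardening_from_readelf and elf_hardening are the example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify RELRO and PIE status from
# "readelf -h -l -d" output (binutils). Rules assumed: GNU_RELRO => partial RELRO,
# GNU_RELRO + BIND_NOW => full RELRO, ELF type DYN => PIE.

# Constructed readelf excerpt for a full-RELRO PIE (not a real qemu-kvm dump).
SAMPLE_READELF_HARDENED='ELF Header:
  Type:                              DYN (Shared object file)
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
  GNU_RELRO      0x00000000001fd000 0x00000000003fd000 0x00000000003fd000
Dynamic section at offset 0x1fd1c0 contains 30 entries:
  Tag        Type                         Name/Value
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'

# Constructed excerpt for a conventional executable with neither protection.
SAMPLE_READELF_PLAIN='ELF Header:
  Type:                              EXEC (Executable file)
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
Dynamic section at offset 0x1fd1c0 contains 20 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'

# Read readelf text from $1 and print "relro=<none|partial|full> pie=<yes|no>".
elf_hardening_from_readelf() {
    printf '%s\n' "$1" | awk '
        /^ *Type:/ && $2 == "DYN"        { pie = 1 }
        /^ *GNU_RELRO/                   { relro = 1 }
        /\(FLAGS\)/ && /BIND_NOW/        { bindnow = 1 }
        /\(FLAGS_1\)/ && / NOW( |$)/     { bindnow = 1 }
        END {
            r = relro ? (bindnow ? "full" : "partial") : "none"
            printf "relro=%s pie=%s\n", r, (pie ? "yes" : "no")
        }'
}

# Live wrapper: run readelf on a binary path, e.g. elf_hardening /usr/libexec/qemu-kvm
elf_hardening() {
    elf_hardening_from_readelf "$(readelf -h -l -d "$1" 2>/dev/null)"
}

elf_hardening_from_readelf "$SAMPLE_READELF_HARDENED"   # relro=full pie=yes
elf_hardening_from_readelf "$SAMPLE_READELF_PLAIN"      # relro=none pie=no
```

Older binutils prints a PIE's type as "DYN (Shared object file)", which is why the check keys on the DYN word rather than on the parenthesised description.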

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing. (CVE-2011-4622)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.

All KVM users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
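The following shell script is an added example, not part of the advisory, that carries out step 2 of the procedure above without a reboot: it reads an lsmod listing, picks out the kvm, ksm, kvm_intel and kvm_amd modules that are actually loaded, and issues the "modprobe -r" and "modprobe" calls in a dependency-safe order. It assumes, as lsmod shows on such hosts, that kvm_intel, kvm_amd and ksm depend on kvm at most one level deep, so modules with a "Used by" count of 0 are removed first and kvm last, and everything is reloaded in reverse. The lsmod listing is constructed for the example, the function names are the example's own, and step 1 (stopping all guests) must already have been done.

```shell
#!/bin/sh
# Added example, not part of the advisory: derive the KVM module reload order from
# lsmod and run (or, by default, only print) the modprobe commands from step 2.
# Assumption: kvm_intel/kvm_amd/ksm depend on kvm at most one level deep, so modules
# whose lsmod "Used by" count is 0 are unloaded first and kvm last.

DRY_RUN=${DRY_RUN-1}   # set DRY_RUN= (empty) to really execute the modprobe calls as root

# Constructed lsmod listing for an Intel host (not captured from a real system).
SAMPLE_LSMOD='Module                  Size  Used by
kvm_intel              85256  0
ksm                    12345  0
kvm                   225192  1 kvm_intel
e1000                 123456  0
ext3                  123456  1'

# Print the KVM-related modules present in an lsmod listing, in unload order.
kvm_modules_to_reload() {
    printf '%s\n' "$1" | awk '
        NR > 1 && ($1 == "kvm" || $1 == "kvm_intel" || $1 == "kvm_amd" || $1 == "ksm") {
            name[++n] = $1; users[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) if (users[i] == 0) print name[i]
            for (i = 1; i <= n; i++) if (users[i] != 0) print name[i]
        }'
}

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Remove the modules in unload order, then reload them in reverse so that kvm is
# back before the modules that depend on it.
reload_kvm_modules() {
    mods=$(kvm_modules_to_reload "$1")
    for m in $mods; do run modprobe -r "$m"; done
    reversed=""
    for m in $mods; do reversed="$m $reversed"; done
    for m in $reversed; do run modprobe "$m"; done
}

# Stand-alone run on the sample; on a real host use: reload_kvm_modules "$(lsmod)"
reload_kvm_modules "$SAMPLE_LSMOD"
```

Run as-is, the script only prints the six modprobe commands for the sample listing; run on a host with DRY_RUN set to empty and the live lsmod output, it performs the reload as root. Rebooting the hypervisor remains the simpler alternative the advisory offers.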